01-12-2014, 11:55 AM
(01-12-2014, 02:18 AM) Phaze Wrote: (01-11-2014, 09:19 AM) Raz Wrote: Good. That's exactly the way it should be. PHPMyAdmin isn't so bad so long as it's running on the server side and you're not exposing MySQL to any external network traffic, but even so security is paramount, and so SSH with RSA keys is the way to go.
Server side? I thought the risk inherent in phpMyAdmin was if it was on a site since it's vulnerable to attack at times, especially if outdated. Wouldn't it make more sense if it was on another server that is having its connection tunneled through to the server with the database on it via SSH?
I still use a password to SSH into my box instead of RSA keys but I'd like to believe the password is reasonably secure to make bruteforce infeasible.
PHP is PHP no matter where it's hosted; putting it on a remote server and tunneling the information back to the MySQL server and having the MySQL server on the same box as PHP have the exact same risks. PHPMyAdmin will connect to the same MySQL server regardless of where it's sitting, so the risk is no more or less for it being installed locally; indeed, the preference for it being local is to reduce data transaction latency, since it won't have to tunnel to send/receive any data.
SSH with RSA keys just means you can automate a lot of the work; indeed, we automate a lot of processes such as offsite backups, and RSA keys mean there are never any passwords lying around.
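
The two settings this thread keeps returning to (key-only SSH logins and a MySQL server that is not exposed to external network traffic) can be checked from the config files. The following is an added example, not code from any poster in the thread: the sample configs are constructed, the function names are hypothetical, and an unset `bind-address` is assumed to mean the server listens on all interfaces.

```python
import ipaddress

# Constructed sample configs (not taken from the thread).
SSHD_SAMPLE = ("PubkeyAuthentication yes\nPasswordAuthentication yes\n"
               "Match User backup\n    PasswordAuthentication no\n")
MYCNF_SAMPLE = "[client]\nport = 3306\n[mysqld]\nbind-address = 0.0.0.0\n"

def sshd_global(text):
    """Global sshd_config options; sshd keeps the first value seen per keyword."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":   # conditional overrides start here
            break
        opts.setdefault(parts[0].lower(), parts[1].strip().lower() if len(parts) > 1 else "")
    return opts

def mysqld_opts(text):
    """Options in the [mysqld] group; last value wins, '-' and '_' are equivalent."""
    opts, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            group = line.strip("[]").lower()
        elif group == "mysqld":
            key, _, val = line.partition("=")
            opts[key.strip().replace("_", "-").lower()] = val.strip()
    return opts

def audit(sshd_text, mycnf_text):
    findings = []
    ssh, db = sshd_global(sshd_text), mysqld_opts(mycnf_text)
    if ssh.get("passwordauthentication", "yes") != "no":   # OpenSSH default is yes
        findings.append("sshd: password logins are enabled globally")
    if ssh.get("pubkeyauthentication", "yes") == "no":
        findings.append("sshd: public key authentication is disabled")
    if "skip-networking" not in db:
        addr = db.get("bind-address", "*")   # assumption: unset means all interfaces
        try:
            local = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            local = addr.lower() == "localhost"
        if not local:
            findings.append(f"mysqld: bind-address {addr} is reachable beyond loopback")
    return findings
```

On the constructed samples, `audit(SSHD_SAMPLE, MYCNF_SAMPLE)` reports both the password-login and the bind-address finding; the `Match User backup` override does not count, because it only applies to that one account.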